Abstract
Sensor networks are deployed in a variety of environments for unattended operation. In a hostile terrain, sensor nodes are vulnerable to node capture and cryptographic material compromise. Compromised nodes can be used for launching wormhole and sinkhole attacks in order to prevent sensitive data from reaching intended destinations. Our objective in this paper is mitigating the impact of undetected compromised nodes on routing. To this end, we develop metrics for quantifying risk of paths in a network. We then introduce a novel routing approach: Secure-Path Routing (SPR) that uses expected path risk as a parameter in routing. Quantified path risk values are used in routing to reduce traffic flow over nodes that have high expected vulnerability. Selecting low risk routes may lead to the choice of energy-expensive routes. Thus, we develop algorithms for balancing risk with other path selection parameters, including energy consumption. We conduct simulation experiments to evaluate the effectiveness of our approach and study the tradeoff between security and energy. Simulation shows that SPR can be quite effective at increasing traffic flow over legitimate routes and that the impact of SPR on network lifetime is negligible.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Bohacek, S., Hespanha, J. P., Obraczka, K., Lee, J., & Lim, C. (2002). Enhancing security via stochastic routing. In 11th IEEE international conference on computer communications and networks (ICCCN), May.
Capkun, S., Buttyán, L., & Hubaux, J.-P. (2003). Sector: secure tracking of node encounters in multi-hop wireless networks. In SASN’03: Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks (pp. 21–32). New York, NY: ACM Press.
Chan, H., Perrig, A., & Song, D. (2003). Random key predistribution schemes for sensor networks. In IEEE security and privacy symposim.
Chang, J., & Tassiulas, L. (1999). Routing for maximum system lifetime in wireless ad-hoc networks. In 37th annual allerton conference on communication, control, and computing.
European Economic Community. (1993). Information technology security evaluation manual (ITSEM). Technical report.
Deng, J., Han, R., & Mishra, S. (2006). INSENS: Intrusion-tolerant routing for wireless sensor networks. Computer Communications, 29(2), 216–230.
Eschenauer, L., & Gligor, V. (2002). A key management scheme for distributed sensor networks. In ACM CCS2002, Washington DC.
Ganesan, D., Govidan, R., Skenker, S., & Estrin, D. (2001). Highly-resilient, energy-efficient multipath routing in wireless sensor networks. In Symposium on mobile ad hoc networking and computing (MobiHoc’01), October 4–5, 2001, Long Beach, CA, USA (pp. 295–298). ACM, October.
Hu, Y.-C., Perrig, A., & Johnson, D. B. (2002). Ariadne: A secure on-demand routing protocol for ad hoc networks. In MOBICOM (pp. 12–23).
Hu, Y.-C., Perrig, A., & Johnson, D. B. (2003). Packet leashes: A defense against wormhole attacks in wireless networks. In INFOCOM.
Hu, Y.-C., Perrig, A., & Johnson, D. B. (2003). Rushing attacks and defense in wireless ad hoc network routing protocols. In WiSe’03: Proceedings of the 2003 ACM workshop on wireless security (pp. 30–40). New York, NY: ACM Press.
Jha, S., Sheyner, O., & Wing, J. M. (2002). Two formal analysis of attack graphs. In CSFW (pp. 49–63).
Karlof, C., & Wagner, D. (2003). Secure routing in wireless sensor networks: Attacks and countermeasures. Elsevier’s AdHoc Networks Journal, Special Issue on Sensor Network Applications and Protocols, 1(2–3):293–315, September.
Kuipers, F., Van Mieghem, P., Korkmaz, T., & Krunz, M. (2002). An overview of constraint-based path selection algorithms for QoS routing. IEEE Communications Magazine, 40(12), December.
Phillips, C. A., & Swiler, L. P. (1998). A graph-based system for network-vulnerability analysis. In Workshop on new security paradigms (pp. 71–79).
Puterman, M. (1994). Markov decision processes. New York, NY: Wiley.
Sheyner, O., Haines, J. W., Jha, S., Lippmann, R., & Wing, J. M. (2002). Automated generation and analysis of attack graphs. In IEEE symposium on security and privacy, pp. 273–284.
Sheyner, O. M. (2004). Scenario graphs and attack graphs. PhD thesis, Carnegie Mellon University, Pittsburgh, PA, April.
Wang, Z., & Crowcroft, J. (1996). Quality-of-service routing for supporting multimedia applications. IEEE Journal on Selected Areas in Communications, 14(7), 1228–1234.
Zhu, S., Setia, S., & Jajodia, S. (2003). LEAP: Efficient security mechanisms for large-scale distributed sensor networks. In ACM conference on computer and communications security (CCS’03).
Acknowledgments
This work was supported in part by NSF EPSCoR under grant EPS- 0346476. The views and conclusions presented in this paper are those of the authors and should not be interpreted as necessarily representing the official opinions or policies, either expressed or implied, of NSF or the University of Nebraska-Lincoln.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Al Nahas, H., Deogun, J.S. & Manley, E.D. Proactive mitigation of impact of wormholes and sinkholes on routing security in energy-efficient wireless sensor networks. Wireless Netw 15, 431–441 (2009). https://doi.org/10.1007/s11276-007-0060-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11276-007-0060-7